Netstat continuous refresh (watch changes the output)

Question

I am using this simple command to monitor connections (to deal with some recent DoS attacks) on my Debian server:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

How do I run it continuously? So it will refresh itself once per minute (or any given amount of time, of course). I tried watch:

watch -n 30 "netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n"

But it changed the output from nice list with num of connections to something like this:

1 tcp        0  10015 [LOCAL IP]
...
1 Proto Recv-Q Send-Q Local Address           Foreign Address         State
1 Active Internet connections (w/o servers)

So external IP is not being displayed. Is there something I missed?

This is how the original output looks:

  2 [IP ADDRESS]
  4 [IP ADDRESS]
  4 [IP ADDRESS]
  4 [IP ADDRESS]
  7 [IP ADDRESS]
 16 [IP ADDRESS]
 71 [IP ADDRESS]

And when I say [LOCAL IP] I mean my machine's IP.

When I run it with -c it just freezes.

score 37 · Accepted Answer · answered Jun 12 '12 at 13:35

37

netstat -c

may help you if i've not misunderstood your problem. -c stands for --continuous.

EDIT: there you go:

watch -n 30 "netstat -ntu | awk '{print \$5}' | cut -d: -f1 | sort | uniq -c | sort -n"

I've added a \ before $.

answered Jun 12 '12 at 13:35

hcg

486

score 5 · Answer 2 · answered Feb 20 '20 at 04:28

5

Searching for command for macos ends up here. For those mac user who want to see the real-time connections of a process:

nettop -p 60683

You can also restrict the interface type, like wifi or wired...

nettop -t wifi -n -p 60683

answered Feb 20 '20 at 04:28

Iceberg

151

score 4 · Answer 3 · answered Apr 29 '20 at 01:09

4

Monitoring on Ubuntu 18.04 LTS, this worked well. It displays good human-readable output.

sudo netstat -tupnc

answered Apr 29 '20 at 01:09

rjkunde

141

score 1 · Answer 4 · answered Mar 28 '16 at 21:14

1

Just run a while loop that sleeps for 60 seconds

[root@host] $ while true
> do
> netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
> sleep 60
> done

This will give you the same output every 60 seconds

answered Mar 28 '16 at 21:14

Chris Alderson

56

score 0 · Answer 5 · answered Aug 10 '21 at 09:25

0

you can use netstat interval(in second) it refresh active connection in each interval for example type in cmd: netstat 5 -> this mean every 5 seconds, netstat runs again until you press Ctrl+C

answered Aug 10 '21 at 09:25

Pooyan Tavakoli

1

Netstat continuous refresh (watch changes the output)

5 Answers5